100 days to GDPR – what do marketers need to know?
The countdown to the new General Data Protection Regulations has begun, bringing sweeping changes on handling data and heavy penalties for ignoring the rules across the EU. Don’t be complacent – use our checklist to ensure you are GDPR ready.
On 25th May 2018 GDPR will replace the current Data Protection Directive across all EU Member States. Its requirements will significantly impact how organisations collect and process personal information. It is important that you have a basic understanding of the key requirement of the law, mainly related to what data you store, where the data is stored, who has access to it and what you are using the data for. When it comes to data, less is most definitely better. Here are the main aspects for you to consider;
Know your data
- What data do you hold?
- Where do you hold it?
- How long have you held it?
- Have you Classified all data?
- If you do not need it, delete it
- Update Data Privacy Policies
- Sign Data Processing Agreements with Clients/Suppliers
- Update Consent Forms
- Consider Encryption
Protect personal data
- Log all processing activities
- Limit access – Need to Know
- Consider Role Based Access Controls
- How would you deal with a breach
Only Process data lawfully
- Know how it was collected?
- What consent does it come with?
- How is it processed?
- Into your processes and procedures
- Create protocols for Data Transfer
- Consider Anonymisation of your data
- Consider Pseudonymisation of data
- Implement Ongoing GDPR Training
- Conduct Data Protection Impact
- Assessments on all new processing activities
- Appoint a DPO (if over 250 employees
Use of technology
- Consider Data Loss Prevention software to manage flows of information
- Plan for receiving Data Subject Requests
- Document what you are doing
PromoVeritas are on hand to help you and your company prepare for GDPR in a number of ways;
- We can carry out a GDPR review and audit
- We can prepare you with a GDPR action plan tailored to your needs
- Our legal team can write your Data Privacy documents
- Adjust Terms & Conditions and consent forms to ensure they are compliant
- And don’t forget that you will need a new Data Privacy Agreement with all your suppliers
- We can run Training sessions for your team